Today, network and data security is top of mind for businesses everywhere, and with good reason – there has been a slew of high-profile data breaches that demonstrate what happens when security's not tight enough. Businesses, though, aren't the only target hackers try to prey on every day.
In fact, hackers target computers and other devices with internet access with alarming frequency. A recent study found that there's an attempted attack every 39 seconds on average. That means home users have just as much exposure to the threat as businesses do, but what they don't have is an IT department working to maintain their security.
That means users have to take it upon themselves to secure their home networks if they want to make sure nobody gains access to their devices. The good news is that even for a relative novice, that's not a very hard thing to do.
Begin With Your Internet Connection
In most cases, a home's internet connection is supplied by an ISP-provided modem, which often also includes a built-in Wi-Fi capability. The problem is that ISP-provided hardware is notoriously insecure. That means the first step to improving your home's network security is to either purchase your own modem or to at least add your own router and firewall behind the ISP equipment to keep your network-attached devices safe.
In the US and elsewhere, ISPs are required by law to allow customers to use their own equipment and that's the preferable option whenever it's practical for the user. Unfortunately, there's no shortage of reports of ISPs making it difficult for customers to do this, so your mileage may vary. The first step to finding out your options is to contact your specific ISP and ask them to provide you with a list of modem models that are compatible with your service. Here's the information for the major US ISPs:
- Modems for Optimum by Altice
- Modems for Comcast Xfinity
- Modems for Time Warner Cable
- Modems for Spectrum
If you choose to purchase your own modem, you will have to call your ISP to get it registered and turned on to work with their network. That can be a challenge, depending on your provider, but it's worth it. With your own modem, you will enhance your security and do away with costly monthly equipment rental charges, too.
Adding a Network Firewall
Whether you're using the ISP's modem or your own, it's not a good idea to rely on either as your only form of network security. Instead, you should add a hardware firewall device behind it for better protection and more specific network access controls. If you're not terribly technically inclined, there are now a variety of home network firewalls on the market that offer excellent network-wide threat defense at reasonable prices. The main benefit of these is that they're designed to be plug-and-play solutions. The downside is that the most user-friendly devices tend to require yearly subscriptions to keep them up to date.
As an alternative, it's possible to repurpose an old or disused computer to make a much more versatile and perpetually-free home network firewall. All you will need is a somewhat recent PC that meets the following minimum specifications:
- At least a 1 GHz CPU
- At least 1 GB of RAM
- An internal HDD with at least 40 GB of space
- 2 available network adapters
That last requirement is typically the most difficult to satisfy, but an add-on network card can be had for under $20 and they're a snap to install in most machines.
With your hardware ready, all you have to do is choose an open-source firewall solution to install on it. The three most appropriate for home users are:
- Untangle NG Firewall – Untangle is one of the oldest open-source firewall products available today. It's extremely user-friendly, easy to install, and is simple to manage (even for a novice). The free version comes with everything a home user needs to stay safe, including plugins for network-wide antivirus protection, ad blocking, and phishing protection. Best of all, Untangle's support staff are very helpful and will even support free installations if you're willing to be patient and wait for them to respond (paid customers always come first).
- IPFire – Like Untangle, IPFire is an open-source firewall solution that just does everything. It has plugins that handle every kind of security function you can think of, and even a few you've probably never considered. It's also possible to add networking features like a mail server, file server, network print services and anything else you can think of to it. The only downside is that it's a bit harder to configure, so novice users will have to read up a bit to get started with it.
- pfSense – As far as free firewall solutions go, you won't find a more powerful option than pfSense. It is an enterprise-grade solution in every way, and is used by a variety of large companies around the world. Its power, though, makes it a favorite of the home enthusiast market segment. The problem is that it's not all that easy to configure and maintain. So while it is an option for home use, it's one most users should avoid unless they're willing to learn some serious networking skills along the way.
Secure Your Network Devices
With perimeter security taken care of, the next step is to see to the security of the individual devices connected to your network. I've covered a number of networking devices in a previous guide, and all of them should be assessed for security if they're a part of your setup.
The first step to doing this is to check with each device's manufacturer to see if there are any available software or firmware updates you should apply. Many times these updates will address security flaws discovered after release and they should be applied according to the manufacturers' recommendations. Make sure to do this with every device attached to your network including:
- Smart Speakers
- Smart TVs
- Connected Blu-Ray Players
- Streaming Set-Top Boxes
- Smart Home Equipment (thermostats, sensors, etc.)
The second step is to use your firewall to restrict inbound external internet access to your network devices unless their operation requires it. That will make it harder for an attacker to exploit weaknesses in the devices should any persist after updating.
Last but not least, make sure that none of your network-connected devices are broadcasting an open Wi-Fi signal. The primary culprits for that type of thing are network printers, so give them a good long look and turn off their networking features if you're not using them.
The last step in securing a home network is to make use of encryption technology wherever it is possible. To begin with, it's critical to make sure that the home's Wi-Fi connection makes use of WPA2-PSK with AES encryption in its security settings (at least until WPA3 is available). That security should be complemented with a strong and complex Wi-Fi passphrase for clients to use to connect. Together, those features prevent any unauthorized access to the wireless network and keep anyone within the range from sniffing any of your network traffic to look for a way in.
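The two Wi-Fi checks above (no device broadcasting an open network, and WPA2 rather than an older mode) can be run over a scan from any Linux laptop. The script below is an added example, not part of the original article; it assumes the terse `SSID:SECURITY` output of `nmcli -t -f SSID,SECURITY device wifi list`, and the sample scan and function names are constructed for illustration.

```python
# Added example. Assumed input: terse "SSID:SECURITY" lines, the format of
#   nmcli -t -f SSID,SECURITY device wifi list
# SAMPLE_SCAN is constructed (made-up networks), not real output.
SAMPLE_SCAN = """\
HomeNet:WPA2
HP-Print-4F-LaserJet:
OldRouter:WEP
GuestNet:WPA1 WPA2
Cafe\\:Free:--
NewAP:WPA2 WPA3
Legacy:WPA1
"""

FINDINGS = {
    "open": "no encryption: anyone in range can join and read traffic",
    "wep": "WEP is broken: switch to WPA2-PSK with AES",
    "wpa1-only": "WPA1 only: switch to WPA2-PSK with AES",
    "mixed": "WPA1/WPA2 mixed mode: disable WPA1 so only WPA2 is offered",
    "unknown": "unrecognized security value: check the device by hand",
}

def parse_line(line):
    """Split one terse line; SECURITY never contains ':', so split from the right."""
    ssid, _, security = line.rpartition(":")
    return ssid.replace("\\:", ":"), security.strip()

def classify(security):
    """Map a SECURITY field to 'ok' or one of the FINDINGS keys."""
    modes = set(security.split()) - {"--"}
    if not modes:
        return "open"
    if "WEP" in modes:
        return "wep"
    if "WPA1" in modes:
        return "mixed" if modes & {"WPA2", "WPA3"} else "wpa1-only"
    return "ok" if modes & {"WPA2", "WPA3"} else "unknown"

def audit(scan_text):  # returns [(ssid, finding_key)] for every non-'ok' network
    results = []
    for line in scan_text.splitlines():
        if ":" not in line:
            continue
        ssid, security = parse_line(line)
        verdict = classify(security)
        if verdict != "ok":
            results.append((ssid or "<hidden>", verdict))
    return results

for ssid, verdict in audit(SAMPLE_SCAN):
    print(f"{ssid}: {FINDINGS[verdict]}")
```

A scan also lists neighbouring networks, so act only on the SSIDs that belong to your own router, printers and smart devices. The SECURITY column does not show the cipher, so confirm AES (CCMP) in the router's own settings page.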
You should also make an effort to use webpages secured with SSL/TLS encryption, which is signified by the "HTTPS" prefix of the web address or a padlock symbol in your web browser's address bar. If you want to add some extra security, you can even use a VPN to add an extra layer of encryption to all of your internet traffic. If you've opted to install one of the open-source firewall options mentioned earlier, you can even set up your own VPN server that can protect you at home as well as when you're on the road.
Stay Safe from Determined Attackers
Earlier, I mentioned that data indicates that internet-connected devices face attacks roughly every 29 seconds. The good news is that most of those attacks are simple port scans and dictionary attacks probing for vulnerabilities and weak passwords. If you implement the network security measures above, you should be safe from the vast majority of those attempts. You should even be safe from more determined attackers, who will have a difficult time finding any hole in your network's defenses. Of course, no defense is perfect, but most hackers will pass a defended network to prey on easier targets – of which there's never any shortage.
© 2019 Andrej Kovacevic